If you have installed the Sumo Logic Collector via RPM and do not see any of your logs appear within the Sumo Logic Web Application, there could be a permissions problem with the Collector.

As a security measure, RPM installs the Collector with a user account named "sumo" that is created during the installation process. Depending on the data you'd like to collect, you may need to run the Collector as root. This is especially true when collecting logs that require the user account to have permissions to access specific ports.

To run as root:

  1. Navigate to /etc/init.d/collector.
  2. Search for RUN_AS_USER=sumo.
  3. Comment out the line (prefix the line with #).
  4. Restart using the startup script /etc/init.d/collector restart.